Cyber Incident Victim: Ayuntamiento de Durango
Date: Jan 2023
Location: Spain
Summary
A cyberattack of unknown origin targeted the Durango City Council, disrupting municipal operations. The incident occurred on a Sunday morning, prompting immediate reporting to national authorities and cybersecurity experts. Technical teams are assessing impacts on system integrity and security, while critical services like the Citizen Service Center experienced significant operational limitations. Recovery efforts are ongoing to restore normal functionality across affected departments.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |

| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On January 8, 2023, the Durango City Council experienced a cyberattack of unknown origin that disrupted municipal operations. The incident was detected on Sunday morning, prompting immediate notification to Spanish authorities, including the National Cryptological Center (CCN). Municipal IT personnel initiated an impact assessment alongside cybersecurity experts, focusing on evaluating compromises to system integrity and security. The attack significantly impaired the Citizen Service Center (SAC), a primary interface for public inquiries and administrative functions. Other unspecified municipal services also sustained operational damage, though the council did not disclose technical details regarding intrusion methods or data compromise. No threat actor claimed responsibility during the initial response phase.

Response efforts prioritized diagnosing the attack's scope while maintaining limited public service functionality. The council issued public advisories acknowledging that SAC operations and related services might experience prolonged limitations or procedural changes during recovery. No restoration timeline or specific containment measures were disclosed. Municipal teams continued collaborating with external cybersecurity specialists to restore systems, but the article did not confirm whether critical infrastructure or data repositories were exfiltrated or encrypted. Service disruptions persisted at the time of reporting, with no additional updates on forensic findings or attacker attribution.
